Mobile telephone number: If you forget your password, or if there is unusual activity on your account, Google can send you a security code via SMS for you to prove you are who you say you are. If someone has your account password it's quite unlikely they've also got your mobile phone. Google will only use your number for security purposes. Important: Keep this up to date! This won't be of much use if Google sends security codes to a phone number you no longer use.

Recovery email address: Similar to the mobile phone number, this is a different email address where Google will send security codes and other important security messages, like when you've forgotten your username and/or your password. If you don't have a second email address, you can always use the email address of someone you trust (like a spouse).

Alternative email address: This is different from the recovery email address in that this is a second address that you can use to sign in to your Google account. It also cannot be a Gmail account or an address that's associated with a different Google account.

This may be the single best way to protect your account. When you log in from an untrusted device, you'll be prompted not only for your password but also for a six-digit code sent to you that's unique for your device. Even if someone has your password, if they don't have access to your secondary device where your code is sent, then they can't complete the login.

Use a strong, unique password

There are lots of places to get advice on how to create a strong password online, so I won't belabor it again here. Just as important, however, is to never use the password for your Google account anywhere else. Every month it seems there's news of a site that has had user credentials stolen. You may not care about the data that was on that site, but because so many people re-use passwords, the stolen credentials themselves are where the value lies for the bad guys.

Think about it: If you forget the password to your bank account, where does the reset password link get sent? Your email address. The password for your email should be the strongest of all.

Set Gmail to always use HTTPS (SSL)

Unless there is a technical reason not to, you should have Gmail set to always use a secure connection (HTTPS). This setting is found under Settings > General > Browser connection.

When using a shared/public computer...

Use "private" or "incognito" mode in the browser: These modes (available in most modern browsers) prevent the storage of web history, form data, or cookies. If you can't use this mode, be sure to clear history and cookies after you log out.

Log out from your account when you're done: This should go without saying, but people forget.